1

At my office whenever I log into a linux server I get a standard message which basically amounts to "You consent to us monitoring you if you use this machine". This has been required part of every linux install for years, and isn't an issue by itself, it's easy to ignore.

Recently when I requested new VMs they implemented the consent banner differently. Now instead of only running when I first log in to the VM it also is output every time I run sudo, presumably because I'm implicitly logging on as root when I use sudo. This is extremely annoying to me, as the banner is long enough to fill most of the screen making it hard to look back at any previous commands/output. I reported it but the SA claim that this is standard policy (I'm pretty sure they implemented it wrong though, no other machine does it every time I run sudo).

I want to prevent this annoying output from being printed. I have full sudo rights on the machine, which means I could turn it off. However, I don't want to be accused of undermining standard hardening procedures by simply disabling the consent banner for everyone; that's the sort of thing that would get my sudo rights revoked.

So how can i configure my personal enviroment to ensure I don't get the consent banner every time I run sudo, without removing it from others or otherwise making global changes that could get me accused of messing with the standard hardening procedures? For instance can I alias sudo to some variant of sudo that sends the consent message to /dev/null?

This is on centos 7.5 vms.

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
dsollen
  • 804
  • 1
  • 12
  • 25
  • Are you doing something like `sudo su -` to log in as root? Or is it every time you run a sudo command? The banner could be coming from different places. – Jeff Schaller Jan 18 '19 at 16:56
  • Any sudo command gets it. I try never to do sudo su if I can avoid it (though I'm far more tempted to do it now to get around the stupid consent banner) – dsollen Jan 18 '19 at 17:00
  • Wouldn't disabling the banner for yourself run the risk of getting you "accused of messing with the standard security hardening procedures"? – Jeff Schaller Jan 18 '19 at 17:22
  • @JeffSchaller I doubt they would notice, and I'm pretty sure that the banner isn't really suppose to happen every time I sudo so it's a risk I'm willing to take. I doubt they would care, and worst case they would tell me to stop, but they wouldn't get me in any real trouble so long as I'm not changing global settings. – dsollen Jan 18 '19 at 17:25
  • It sounds like a problem where a social/political solution would be more elegant than a purely technical hack/workaround. What I mean is, it would be valid to push back and ask to have the behaviour changed. Have you tried approaching the mgmt or main sysadmin or whatever and tell them this is giving you grief? – cryptarch Jan 18 '19 at 19:35
  • You could try `Defaults:your-username lecture=never`, unless that's "changing a global setting" – Jeff Schaller Jan 19 '19 at 02:29

0 Answers0